CVE-2022-22047: Windows CSRSS Elevation of Privilege 0-day VulnerabilityToday, Microsoft released July Patch Tuesday to fix 84 security vulnerabilities (including a zero-day) in Windows and products. Microsoft...
Month: July 2022
Bypass-Url-Parser – Tool That Tests Many URL Bypasses To Reach A 40X Protected Page
Bypass-Url-Parser – Tool That Tests Many URL Bypasses To Reach A 40X Protected PageTool that tests MANY url bypasses to reach a 40X protected page. If...
AI-based social engineering is the next-generation of hacking humans
AI-based social engineering is the next-generation of hacking humansKeely Wilkins has been in the technology industry for nearly thirty years. She has worked in corporate, higher...
peetch: bypass TLS protocol protections
peetch: bypass TLS protocol protectionspeetch peetch is a collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections.... The post...
Goblin v0.4.5 releases: Goblin for Phishing Exercise Tools
Goblin v0.4.5 releases: Goblin for Phishing Exercise ToolsGoblin for Phishing Exercise Tools Goblin is a phishing rehearsal tool for red-blue confrontation. By using a reverse proxy,...
File Upload Vulnerability Scenarios
File Upload Vulnerability ScenariosFile Upload Vulnerability Scenarios (Challenges) This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios). OWASP... The post File...
Trufflehog – Find Credentials All Over The Place
Trufflehog – Find Credentials All Over The PlaceTruffleHog Find leaked credentials. Join The Slack Have questions? Feedback? Jump in slack and hang out with us https://join.slack.com/t/trufflehog-community/shared_invite/zt-pw2qbi43-Aa86hkiimstfdKH9UCpPzQ...
DNS Tunneling: DNS Tunneling using powershell to download and execute a payload
DNS Tunneling: DNS Tunneling using powershell to download and execute a payloadWhat is DNS Tunneling? DNS tunneling is a technique that has been around for a...
EKFiddle v1.1.4 released: A framework to study Exploit Kits
EKFiddle v1.1.4 released: A framework to study Exploit KitsEKFiddle v1.1.4 A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic...
Chainalysis: Cryptocurrency Mixer Use at an All-Time High
Chainalysis: Cryptocurrency Mixer Use at an All-Time HighCryptocurrency mixer use has reached an all-time high in 2022, according to a report from the blockchain analysis firm...
Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats
Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump FormatsDumpscan is a command-line tool designed to extract and dump secrets from kernel...
CVE-2022-32224: Ruby on Rails Remote Code Execution Vulnerability
CVE-2022-32224: Ruby on Rails Remote Code Execution VulnerabilityOn July 12, a remote code execution vulnerability was disclosed that impacts all versions of the Ruby on Rails...
TerraformGoat: "Vulnerable by Design” multi cloud deployment tool
TerraformGoat: "Vulnerable by Design” multi cloud deployment toolTerraformGoat TerraformGoat is HuoCorp research lab’s “Vulnerable by Design” multi-cloud deployment tool. Currently, supported cloud vendors include Alibaba Cloud,...
0 - CT 0 - CT - Cyberattacks - Phishing 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad BLEEPINGCOMPUTER The Last Watchdog
GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’
GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’Phishing itself is not a new or a particularly complicated threat. But the...
GUEST ESSAY: The case for physically destroying — and not just wiping clean — old hard drives
GUEST ESSAY: The case for physically destroying — and not just wiping clean — old hard drivesCybersecurity poses a risk to all businesses. Related: Biden moves...
6 easy ways to spot Amazon Prime Day scams
6 easy ways to spot Amazon Prime Day scamsEXECUTIVE SUMMARY: As Amazon Prime Day rapidly approaches (the 12th and 13th of this month), Check Point Research...
Top tips for building an effective code review checklist
Top tips for building an effective code review checklistEXECUTIVE SUMMARY: Code review represents the best way to maintain a high level of code quality. The code...
Apache Tomcat webshell application for RCE
Apache Tomcat webshell application for RCEApache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin... The...
mageni: the vulnerability management cycle
mageni: the vulnerability management cycleMageni Mageni eases for you the vulnerability management cycle. We believe cybersecurity must be an enjoyable and uplifting experience to... The post...
Fraudulent Credit Card Maker Sentenced to 108 Months in Prison
Fraudulent Credit Card Maker Sentenced to 108 Months in PrisonA prolific fraudster who produced fraudulent credit cards using stolen card numbers from the darkweb was sentenced...
CVE-2022-2274: OpenSSL Remote Code Execution Vulnerability
CVE-2022-2274: OpenSSL Remote Code Execution VulnerabilityVersion 3.0.4 of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. Tracked... The...
CrackQL – GraphQL Password Brute-Force And Fuzzing Utility
CrackQL – GraphQL Password Brute-Force And Fuzzing UtilityCrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits...
0 - CT 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad BLEEPINGCOMPUTER Haxf4rall Security
pywhisker: Python tool for Shadow Credentials attacks
pywhisker: Python tool for Shadow Credentials attacksPyWhisker pyWhisker is a Python equivalent of the original Whisker made by Elad Shamir and written in C#. This tool allows users to......
Two Charged for Selling Counterfeit Oxycodone Pills
Two Charged for Selling Counterfeit Oxycodone PillsA federal grand jury returned an indictment charging two men for selling counterfeit pills on the darkweb. According to an......
mx-takeover: detects misconfigured MX records
mx-takeover: detects misconfigured MX recordsmx-takeover mx-takeover focuses on DNS MX records and detects misconfigured MX records. It currently supports three-technique. These are, MX domains... The post...
CVE-2022-33980: Apache Commons Configuration RCE Vulnerability
CVE-2022-33980: Apache Commons Configuration RCE VulnerabilityOn July 5, 2022, Apache Commons Configuration released version 2.8 to fix a remote code execution vulnerability. Tracked as CVE-2022-33980,... The...
crawlergo v0.4.3 releases: powerful browser crawler for web vulnerability scanners
crawlergo v0.4.3 releases: powerful browser crawler for web vulnerability scannerscrawlergo crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key...
tofu: modular tool for hacking offline Windows filesystems and bypassing login screens
tofu: modular tool for hacking offline Windows filesystems and bypassing login screenstofu A modular tool for hacking offline Windows filesystems and bypassing login screens. Can do...
Haxx – Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 – iOS 14.8.1
Haxx – Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 – iOS 14.8.1Untethered + Unsandboxed code execution haxx as root on iOS 14...
Researcher released CVE-2022-34265 PoC for Django SQL Injection flaw
Researcher released CVE-2022-34265 PoC for Django SQL Injection flawCVE-2022-34265 PoC (proof-of-concept) exploit code is about to be published for a vulnerability that allows an attacker to...